You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Some files in TEMP:
====================
C:\Users\intox\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Error: (05/21/2015 09:18:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.5.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f18

Start Time: 01d09433d6f7f42c

Termination Time: 0

Application Path: C:\Users\intox\Downloads\FRST64.exe

Report Id:

Error: (05/21/2015 09:15:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.5.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

some of the problems i've been having include: Windows Update not working, services stopping, no admin rights to do anything.....computer rebooted and i lost a large portion of my documents. The only way I can get online with it is Safe Mode with networking or by running MSconfig selective start up. I began to notice this a few days after installing WEBROOT anti-virus that my wife purchased

P2P Warning Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Bearshare, µTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

I began to notice this a few days after installing WEBROOT anti-virus that my wife purchased

I take it that Webroot has since been removed... as I see no sign of it in the reports.

Step 1Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\intox\Downloads.NOTE.It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.Running this on another machine may cause damage to your operating system

Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Step 2Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.